IL281912B1 - Fast network recognition of active applications for real time user notification - Google Patents

Fast network recognition of active applications for real time user notification

Info

Publication number
IL281912B1
IL281912B1 IL281912A IL28191221A IL281912B1 IL 281912 B1 IL281912 B1 IL 281912B1 IL 281912 A IL281912 A IL 281912A IL 28191221 A IL28191221 A IL 28191221A IL 281912 B1 IL281912 B1 IL 281912B1
Authority
IL
Israel
Prior art keywords
application
communication
user
active application
accessing
Prior art date
Application number
IL281912A
Other versions
IL281912A (en
IL281912B2 (en
Inventor
Elyasaf Korenwaitz
Zvi Bazak
Matanya Ofan
Original Assignee
Netspark Ltd
Elyasaf Korenwaitz
Zvi Bazak
Matanya Ofan
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Netspark Ltd, Elyasaf Korenwaitz, Zvi Bazak, Matanya Ofan filed Critical Netspark Ltd
Publication of IL281912A publication Critical patent/IL281912A/en
Publication of IL281912B1 publication Critical patent/IL281912B1/en
Publication of IL281912B2 publication Critical patent/IL281912B2/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22Parsing or analysis of headers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281Proxies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/535Tracking the activity of the user
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • H04L67/564Enhancement of application control based on intercepted application data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • H04L67/565Conversion or adaptation of application format or content
    • H04L67/5651Reducing the amount or size of exchanged application data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Measurement Of The Respiration, Hearing Ability, Form, And Blood Characteristics Of Living Organisms (AREA)
  • Measuring Pulse, Heart Rate, Blood Pressure Or Blood Flow (AREA)
  • Information Transfer Between Computers (AREA)
  • Computer And Data Communications (AREA)

Description

APPLICATION FOR PATENT Title: FAST NETWORK RECOGNITION OF ACTIVE APPLICATIONSFOR REAL TIME USER NOTIFICATION FIELD AND BACKGROUND OF THE INVENTIONThe present invention, in some embodiments thereof, relates to a system and method for fast recognition of active applications and, more particularly, but not exclusively, to a method for real time user notifications for iOS.US Patent no. 9621707 appears to disclose, "A system and method for discouraging the in appropriate use of a mobile device including registering a mobile device with a monitoring application running on a system coupled with a network. A mobile device is linked with the monitoring application through the network. The operational status of the mobile device is monitored to detect if a change occurs in the operational status. A change in the operational status of the mobile device is reported to the monitoring program with time information and the status change is displayed in a graphical interface, and a notification message is sent to a system user. Beacons might also be implemented to advise a device user to disable a mobile device to be monitored."US Patent no. 10158733 appears to disclose, "A method for tracking usage of applications on a mobile device that includes a virtual private network (VPN) application. The VPN application includes a rule dictionary to store a rule for each application that is executable on the mobile device. A rule comprises an identifier for the application and an associated regular expression. To create a rule, a new application is installed on the mobile device and executed to create network traffic. The network traffic from the new application is inspected and a regular expression that matches the new application is created and stored in the rules dictionary. Once the rule is stored, a usage of the application can be identified based on monitoring the network traffic and searching the rule dictionary to identify a matching application. Once a matching application is found, the usage metric of the application is updated."US Patent no. 10237280 appears to disclose that, "Devices, systems, and methods for allowing parents to view and track smart phone activities of their children can include one or more child software modules. The module can be installed on each child's smart phone. The module can access and extract data from or about more than one of the smart phone's other software applications, including at least two of the following: a texting application, a social media application, an image application that facilitates transmission or reception of images, and a web browser application. The module can further send the extracted data to an analysis server. The module can also monitor location data. Moreover, the system can include an analysis server that can identify potentially harmful language, images, and websites. Further, the system can include a parent portal. The parent portal can receive results from the analysis serve"US Patent Publication no. 20180367560 appears to disclose that, "Data is collected from a set of devices according to a data collection policy. The data is associated with device configuration, device state, or device behavior. A norm is established using the collected data. A different data collection policy is established based on the norm. Data is collected from a particular device according to the different data collection policy. The norm is compared to the data collected from the particular device. If there is a deviation outside of a threshold deviation between the norm and the data collected from the particular device, a message is transmitted to an administrator." SUMMARY OF THE INVENTIONAccording to an aspect of some embodiments of the invention, there is provided a method of recognizing an active application on a device including: Intercepting a communication from the device; truncating a portion of a header of the communication to a truncated string; searching the truncated string for an identifying substring characteristic of an application.According to some embodiments of the invention, the searching includes a preliminary search using a short list of applications and a further search using a longer list of applications when the preliminary search fails to identify the active application.According to some embodiments of the invention, the truncating includes removing a common substring from the header.According to some embodiments of the invention, the truncating includes applying between 5 to 100 regular expressions to the portion of the header.
According to some embodiments of the invention, the portion of the header includes a User-Agent.According to some embodiments of the invention, the portion of the header includes more than one User-Agent combined together.According to some embodiments of the invention, the searching is for one of a list of applications known to have been installed onto the device.According to some embodiments of the invention, the searching is for one of a list of applications and the searching is repeated for a short list of applications and a long list of applications.According to some embodiments of the invention, the method further includes searching for a target address in the header and further including: rejecting an application identified in the step of search when the application does not match the target address.According to some embodiments of the invention, the method further includes: discarding a common communication.According to some embodiments of the invention, the method further includes: disregarding a common communication.According to some embodiments of the invention, the method further includes: sending a notification to a user interface of the device including information about an application identified in the searching.According to some embodiments of the invention, the intercepting is performed by a proxy application running locally on the device and wherein the notification is sent by a remote server.According to some embodiments of the invention, the notification includes at least one of a text message and a voice message.According to some embodiments of the invention, the method further includes blocking the communication.According to an aspect of some embodiments of the invention, there is provided a system for recognizing an active application on a device: a user device communicating over a network; a proxy application running on the user device the proxy application configured for: Intercepting a communication from the device; truncating a portion of a header of the communication to a truncated string; searching the truncated string for an identifying substring characteristic of an application.
According to some embodiments of the invention, the system further includes: a long list of applications and a short list of application and wherein the proxy application is configured to search for an application from the short list and when an application from the short list is not found further search from the long list.According to some embodiments of the invention, the system further includes: a remote server configured for receiving identification of the application from the proxy application and sending a notification to a user interface of the device identifying the application.According to some embodiments of the invention, the system further includes: a set of between 1 and 50 regular expressions for performing the truncating.Unless otherwise defined, all technical and/or scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which the invention pertains. Although methods and materials similar or equivalent to those described herein can be used in the practice or testing of embodiments of the invention, exemplary methods and/or materials are described below. In case of conflict, the patent specification, including definitions, will control. In addition, the materials, methods, and examples are illustrative only and are not intended to be necessarily limiting.As will be appreciated by one skilled in the art, some embodiments of the present invention may be embodied as a system, method or computer program product. Accordingly, some embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.) or an embodiment combining software and hardware aspects that may all generally be referred to herein as a "circuit," "module" or "system." Furthermore, some embodiments of the present invention may take the form of a computer program product embodied in one or more computer readable medium(s) having computer readable program code embodied thereon. Implementation of the method and/or system of some embodiments of the invention can involve performing and/or completing selected tasks manually, automatically, or a combination thereof. Moreover, according to actual instrumentation and equipment of some embodiments of the method and/or system of the invention, several selected tasks could be implemented by hardware, by software or by firmware and/or by a combination thereof, e.g., using an operating system.
For example, hardware for performing selected tasks according to some embodiments of the invention could be implemented as a chip or a circuit. As software, selected tasks according to some embodiments of the invention could be implemented as a plurality of software instructions being executed by a computer using any suitable operating system. In an exemplary embodiment of the invention, one or more tasks according to some exemplary embodiments of method and/or system as described herein are performed by a data processor, such as a computing platform for executing a plurality of instructions. Optionally, the data processor includes a volatile memory for storing instructions and/or data and/or a non-volatile storage, for example, a magnetic hard-disk and/or removable media, for storing instructions and/or data. Optionally, a network connection is provided as well. A display and/or a user input device such as a keyboard or mouse are optionally provided as well.Any combination of one or more computer readable medium(s) may be utilized for some embodiments of the invention. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.Program code embodied on a computer readable medium and/or data used thereby may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.Computer program code for carrying out operations for some embodiments of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider).Some embodiments of the present invention may be described below with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.These computer program instructions may also be stored in a computer readable medium that can direct a computer, other programmable data processing apparatus, or other devices to function in a particular manner, such that the instructions stored in the computer readable medium produce an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.The computer program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide processes for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.Some of the methods described herein are generally designed only for use by a computer, and may not be feasible or practical for performing purely manually, by a human expert. A human expert who wanted to manually perform similar tasks might be expected to use completely different methods, e.g., making use of expert knowledge and/or the pattern recognition capabilities of the human brain, which would be vastly more efficient than manually going through the steps of the methods described herein.Data and/or program code may be accessed and/or shared over a network, for example the Internet. For example, data may be shared and/or accessed using a social network. A processor may include remote processing capabilities for example available over a network (e.g. the Internet). For example, resources may be accessed via cloud computing. The term "cloud computing" refers to the use of computational resources that are available remotely over a public network, such as the internet, and that may be provided for example at a low cost and/or on an hourly basis. Any virtual or physical computer that is in electronic communication with such a public network could potentially be available as a computational resource. To provide computational resources via the cloud network on a secure basis, computers that access the cloud network may employ standard security encryption protocols such as SSL and PGP, which are well known in the industry.
BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWING(S)Some embodiments of the invention are herein described, by way of example only, with reference to the accompanying drawings. With specific reference now to the drawings in detail, it is stressed that the particulars shown are by way of example and for purposes of illustrative discussion of embodiments of the invention. In this regard, the description taken with the drawings makes apparent to those skilled in the art how embodiments of the invention may be practiced.In the drawings:FIG. 1 is a schematic illustration of a system for identification of an active application and/or user notification in accordance with an embodiment of the current invention;FIG. 2A is a flow chart illustration of a method for identification of an active application and/or user notification in accordance with an embodiment of the current invention;FIG. 2B is a flow chart illustration of a method for intervention and/or user notification in accordance with an embodiment of the current invention;FIG. 3 is a is a flow chart illustration of a method for fast recognition of an application from a header in accordance with an embodiment of the current invention;FIG. 4A is an example of a header;FIG. 4B is an example of a header;FIG. 5 illustrates examples of truncated headers in accordance with embodiments of the current invention; andFIG. 6 is an illustration of databases for recognition of an active application in accordance with an embodiment of the current invention.
DESCRIPTION OF SPECIFIC EMBODIMENTS OF THE INVENTIONThe present invention, in some embodiments thereof, relates to a system and method for fast recognition of active applications and, more particularly, but not exclusively, to a method for real time user notifications for iOS.
Overview An aspect of some embodiments of the current invention relates to notifying a user of issues related to an application that is active on a user computing device. In some embodiments, it is desirable for an external actor (e.g. an application running in background on the device and/or an Internet server) to notify a user about issues with an active application running on a computing device. In some operating systems, (for example iOS running on an Apple platforms unless otherwise stated herein the term iOS also includes ipadOS) information on active applications on a device may not be available to external actors. Furthermore, external actors may be inhibited from taking control (for example in order to deliver a notification) of the device from an active application.In some embodiments, a virus shield, a spy ware shield and/or a content filtering application may block certain applications and/or block Internet access and/or direct Internet requests to a remote server that may allow. For example the server may block and/or filter access. This may cause applications and/or a device to malfunction (e.g. "crash" and/or not function properly). Without a timely accurate message, the user will not know what happened. For example, he might blame an Internet provider or a bug in the application or a fault in his device. In some embodiments, a parent and/or an employer may want to track what applications a user is running and/or for how long. In some embodiments, a person may want to get warnings and/or keep track of when he is spending a large amount of time on certain applications. In some embodiments it may be desirable to collect statistics on the user of one or more applications. In some or all of these cases, it will be desirable to recognize the application and/or send the notification in a very short time period (for example in a short enough time period that the user will not have changed applications in the interim). In some or all of these cases it may be important that a determination of a running application is accurate. Otherwise, the system may interrupt use of the device unnecessarily and/or give an inaccurate message to a user.In some embodiments, a proxy application intercepts an Internet communication. The communication is analyzed by the proxy application and/or in support of a remote server. In some embodiments, the proxy will alert a user by sending a notification through an Internet server back to the device, for example in the form of a remote communication (e.g. a system alert (e.g. via a VPN and/or a Proxy application) and/or as a phone call (e.g. via VoIP) and/or as a text message (e.g. SMS) and/or as a multi-media message).
As aspect of some embodiments of the current invention relates to determining from an outgoing communication what application sent the communication and/or what application is active on a device. In some embodiments, system will intercept and/or analyze a message sent by a computing device. For example, the system may run as an Internet proxy application on the device and/or on an Internet server. Optionally, the system reads message header and/or uses information from the header to determine what application sent the message. Optionally, various procedures may be used to achieve recognition of the sending application quickly and/or accurately.In some embodiments, the system includes a procedure that quickly recognizes common communications that are not of interest and/or discards these communications without wasting computing time analyzing these messages. Additionally or alternatively, the system includes a procedure that quickly truncates a communication header and/or eliminates data that is not valuable in determining the source of the communication. This may, in some embodiments, reduce the volume of data that to be searched and/or analyzed. In some embodiments, the system tries to recognize one of small population of potential source applications and/or progressively searches for a larger population of potential source applications when the source is not recognized from the smaller population. For example, the system may determine if the current message is from the same active application as last recognized communication and/or from a set of recently used applications and/or from a set of applications known to have been installed on the device (from example from a list of installed applications from a Mobile Device Management (MDM) server) and/or from a list of popular applications (optionally filtered according to known characteristics of a device and/or its user) and/or from a large list of applications available for the device. In some embodiments, a source application will be recognized from a proxy header, for example from a User-Agent and/or the Host/IP.

Claims (18)

281912/ WHAT IS CLAIMED IS:
1. A method of identifying a name of an active application that is performing a suspicious activity and that is sending a communication from a device to a network, the method configured to be performed on the device even when the device does not supply explicit information about the active application, the method comprising: Intercepting an http header from the communication from the device to the network; searching in a User-Agent field of said http header of the communication for an irrelevant phrase that is not relevant to identifying desired information including said active application on the device; converting said User-Agent field into a truncated string by removing the irrelevant phrase found in said searching and throwing out the irrelevant phrase, said truncated string consisting of text that remains from the User-Agent field after said removing the irrelevant phrase; identifying in the truncated string text characteristic of the active application that is sending the communication; and recovering a name of the active application that is sending the communication from the device based on the text characteristic of the active application; sending a real time notification to a user of the device via a user interface of the device, said notification including said name of the active application from said recovering.
2. The method of claim 1, wherein said recovering includes a preliminary search using a short list of applications and a further search using a longer list of applications when said identifying fails based on said preliminary search.
3. The method of claim 1, wherein said searching for irrelevant phrase includes applying between 10 to 100 regular expressions to said User-Agent field.
4. The method of claim 1, wherein said searching includes more than one User-Agent field combined together. 281912/
5. The method of claim 1, wherein said identifying is for one of a list of applications known to have been installed onto the device.
6. The method of claim 1, further comprising recognizing for a target address in said header and further comprising: rejecting an application identified in said step of recovering when said application does not match said target address.
7. The method of claim 1, further comprising: discarding a communication from a native application of the device.
8. The method of claim 1, wherein said intercepting is performed by a proxy application running locally on the device and wherein said notification is sent by a remote server.
9. The method of claim 8, wherein said notification includes at least one of a text message and a voice message.
10. The method of claim 8, further comprising blocking said communication.
11. The method of claim 8, further comprising notifying a server of said communication.
12. The method of claim 11, wherein said server performs at least one action selected from blocking said communication and giving instructions to a local processor for responding to said communication.
13. The method of claim 1, wherein said suspicious activity includes at least one of accessing prohibited content, accessing suspicious content, use of the application at a prohibited time, accessing the application at a prohibited location, activation of the application for too much time, accessing a prohibited web site, or accessing a suspicious web site.
14. A system for identifying a name of an active application that is acting suspiciously and sending a communication from a user device to a network; the system configured to be performed even when the device does not supply explicit information about the active application, the system comprising: 281912/ a proxy application running on said user device, said proxy application configured for: intercepting the communication from the device; searching in a User-Agent field of an http header of the communication for an irrelevant phrase that is not relevant to the information being sought to identifying the name of said active application; converting said User-Agent field into a truncated string by removing the irrelevant phrase found in said searching; identifying text characteristic of the active application in said truncated string; recognizing the text characteristic of the active application sending the communication; recovering a name of the active application based on the text characteristic of the active application; sending a real time notification to a user of the device via a user interface of the device, said notification including said name of the active application from said recovering.
15. The system of claim 14, further comprising: a long list of applications and a short list of applications and wherein said proxy application is configured for said recognizing to be text characteristic of an application from said short list and when an application from said short list is not found, further search from said long list.
16. The system of claim 14, further comprising: a remote server configured for receiving the name of said active application from said proxy application and sending a notification to a user interface of said device identifying said active application.
17. The system of claim 14, further comprising: a set of between 10 and 50 regular expressions for performing said truncating.
18. The system of claim 14, wherein said acting suspiciously includes at least one of accessing prohibited content, accessing suspicious content, use of the application at a prohibited time, accessing the application at a prohibited location, activation of the application for too much time, accessing a prohibited web site, or accessing a suspicious web site.
IL281912A 2019-12-03 2020-11-02 Fast network recognition of active applications for real time user notification IL281912B2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201962942758P 2019-12-03 2019-12-03
PCT/IL2020/051136 WO2021111430A1 (en) 2019-12-03 2020-11-02 Fast network recognition of active applications for real time user notification

Publications (3)

Publication Number Publication Date
IL281912A IL281912A (en) 2021-06-30
IL281912B1 true IL281912B1 (en) 2023-06-01
IL281912B2 IL281912B2 (en) 2023-10-01

Family

ID=76221527

Family Applications (2)

Application Number Title Priority Date Filing Date
IL281912A IL281912B2 (en) 2019-12-03 2020-11-02 Fast network recognition of active applications for real time user notification
IL302772A IL302772A (en) 2019-12-03 2020-11-02 Fast network recognition of active applications for real time user notification

Family Applications After (1)

Application Number Title Priority Date Filing Date
IL302772A IL302772A (en) 2019-12-03 2020-11-02 Fast network recognition of active applications for real time user notification

Country Status (3)

Country Link
US (1) US11483420B2 (en)
IL (2) IL281912B2 (en)
WO (1) WO2021111430A1 (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040210469A1 (en) * 1997-03-31 2004-10-21 Sbc Technology Resources, Inc. Apparatus and method for monitoring progress of customer generated trouble tickets
US20090154480A1 (en) * 2007-12-14 2009-06-18 Kddi Corporation Communication control method and system
US20090252148A1 (en) * 2008-04-03 2009-10-08 Alcatel Lucent Use of DPI to extract and forward application characteristics
US20100077161A1 (en) * 2008-09-24 2010-03-25 Timothy John Stoakes Identifying application metadata in a backup stream
US20120005719A1 (en) * 2010-07-01 2012-01-05 Raytheon Company Proxy-Based Network Access Protection
US20120284256A1 (en) * 2011-05-06 2012-11-08 Microsoft Corporation Location-aware application searching
US20140297838A1 (en) * 2013-03-29 2014-10-02 Citrix Systems, Inc. Providing mobile device management functionalities
US10209978B1 (en) * 2017-08-04 2019-02-19 Sprint Communications Company L.P. Mobile application installation service on a mobile phone
US20190149445A1 (en) * 2017-11-10 2019-05-16 Netscout Systems, Inc Automatically determining over-the-top applications and services
US10326789B1 (en) * 2015-09-25 2019-06-18 Amazon Technologies, Inc. Web Bot detection and human differentiation

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5316259B2 (en) * 2009-06-25 2013-10-16 富士通株式会社 Data processing apparatus, data processing program, and data processing method
US9286471B2 (en) * 2011-10-11 2016-03-15 Citrix Systems, Inc. Rules based detection and correction of problems on mobile devices of enterprise users
GB2512267B (en) * 2012-10-30 2015-09-16 Openwave Mobility Inc Determination of information relating to messages
US10122747B2 (en) 2013-12-06 2018-11-06 Lookout, Inc. Response generation after distributed monitoring and evaluation of multiple devices
US9621707B2 (en) 2014-01-07 2017-04-11 20/20 Cte, Llc System and method for discouraging inappropriate use of a mobile device
US10263903B2 (en) 2014-02-05 2019-04-16 Ibasis, Inc. Method and apparatus for managing communication flow in an inter-network system
EP3314924A4 (en) 2015-06-25 2019-02-20 Websafety, Inc. Management and control of mobile computing device using local and remote software agents
US10158733B2 (en) 2016-04-01 2018-12-18 App Annie Inc. Automated DPI process
US10440053B2 (en) * 2016-05-31 2019-10-08 Lookout, Inc. Methods and systems for detecting and preventing network connection compromise
US10938786B2 (en) * 2017-12-01 2021-03-02 Twingate Inc. Local interception of traffic to a remote forward proxy
US10855806B2 (en) * 2018-04-23 2020-12-01 Lightspeed Solutions, Llc Proxy injection of browser-executable functions
US10862782B2 (en) * 2019-04-02 2020-12-08 Oath Inc. Application identification using network traffic

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040210469A1 (en) * 1997-03-31 2004-10-21 Sbc Technology Resources, Inc. Apparatus and method for monitoring progress of customer generated trouble tickets
US20090154480A1 (en) * 2007-12-14 2009-06-18 Kddi Corporation Communication control method and system
US20090252148A1 (en) * 2008-04-03 2009-10-08 Alcatel Lucent Use of DPI to extract and forward application characteristics
US20100077161A1 (en) * 2008-09-24 2010-03-25 Timothy John Stoakes Identifying application metadata in a backup stream
US20120005719A1 (en) * 2010-07-01 2012-01-05 Raytheon Company Proxy-Based Network Access Protection
US20120284256A1 (en) * 2011-05-06 2012-11-08 Microsoft Corporation Location-aware application searching
US20140297838A1 (en) * 2013-03-29 2014-10-02 Citrix Systems, Inc. Providing mobile device management functionalities
US10326789B1 (en) * 2015-09-25 2019-06-18 Amazon Technologies, Inc. Web Bot detection and human differentiation
US10209978B1 (en) * 2017-08-04 2019-02-19 Sprint Communications Company L.P. Mobile application installation service on a mobile phone
US20190149445A1 (en) * 2017-11-10 2019-05-16 Netscout Systems, Inc Automatically determining over-the-top applications and services

Also Published As

Publication number Publication date
WO2021111430A1 (en) 2021-06-10
IL302772A (en) 2023-07-01
US11483420B2 (en) 2022-10-25
US20210360091A1 (en) 2021-11-18
IL281912A (en) 2021-06-30
IL281912B2 (en) 2023-10-01

Similar Documents

Publication Publication Date Title
US11429625B2 (en) Query engine for remote endpoint information retrieval
US11238366B2 (en) Adaptive object modeling and differential data ingestion for machine learning
US10511615B2 (en) Non-protocol specific system and method for classifying suspect IP addresses as sources of non-targeted attacks on cloud based machines
US9838419B1 (en) Detection and remediation of watering hole attacks directed against an enterprise
JP2020039137A (en) Network flow log for multi-tenant environment
US20190121969A1 (en) Graph Model for Alert Interpretation in Enterprise Security System
US10567409B2 (en) Automatic and scalable log pattern learning in security log analysis
US10158733B2 (en) Automated DPI process
CN107547490B (en) Scanner identification method, device and system
CN111404937B (en) Method and device for detecting server vulnerability
US11178160B2 (en) Detecting and mitigating leaked cloud authorization keys
KR20200025043A (en) Method and system for security information and event management based on artificial intelligence
CN114338064B (en) Method, device, system, equipment and storage medium for identifying network traffic type
CN115134099A (en) Network attack behavior analysis method and device based on full flow
US10187264B1 (en) Gateway path variable detection for metric collection
CN111371778A (en) Attack group identification method, device, computing equipment and medium
Negoita et al. Enhanced security using elasticsearch and machine learning
RU2659482C1 (en) Protection of web applications with intelligent network screen with automatic application modeling
US10419351B1 (en) System and method for extracting signatures from controlled execution of applications and application codes retrieved from an application source
US11075951B1 (en) Query learning for automated incident investigation and remediation
US10491625B2 (en) Retrieving network packets corresponding to detected abnormal application activity
CN108234431A (en) A kind of backstage logs in behavioral value method and detection service device
CN110830416A (en) Network intrusion detection method and device
IL281912B1 (en) Fast network recognition of active applications for real time user notification
US9118563B2 (en) Methods and apparatus for detecting and filtering forced traffic data from network data